CVE-2025-27367 - Vulnerability Details - OpenCVE

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm	Openpages With Watson

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7239155

History

Tue, 08 Jul 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 08 Jul 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description		IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.
Title		IBM OpenPages with Watson improper input validation
First Time appeared		Ibm Ibm openpages With Watson
Weaknesses		CWE-602
CPEs		cpe:2.3:a:ibm:openpages_with_watson:8.3:::::::* cpe:2.3:a:ibm:openpages_with_watson:9.0:::::::*
Vendors & Products		Ibm Ibm openpages With Watson
References		https://www.ibm.com/support/pages/node/7239155
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-07-08T18:42:25.925Z

Updated: 2025-07-08T19:06:17.456Z

Reserved: 2025-02-22T15:25:27.069Z

Link: CVE-2025-27367

Vulnrichment

Updated: 2025-07-08T19:06:07.343Z

NVD

Status : Received

Published: 2025-07-08T19:15:40.150

Modified: 2025-07-08T19:15:40.150

Link: CVE-2025-27367

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27367", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-02-22T15:25:27.069Z", "datePublished": "2025-07-08T18:42:25.925Z", "dateUpdated": "2025-07-08T19:06:17.456Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "OpenPages with Watson", "vendor": "IBM", "versions": [{"status": "affected", "version": "8.3, 9.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM OpenPages with Watson 8.3 and 9.0 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.</span>\n\n</span>\n\n</span>"}], "value": "IBM OpenPages with Watson 8.3 and 9.0 \n\n\n\n\n\nis vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-602", "description": "CWE-602 Client-Side Enforcement of Server-Side Security", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-07-08T18:42:25.925Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7239155"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.0.5 Interim Fix 3 (9.0.0.5.3)<br>Download URL for 9.0.0.5 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\">https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5</a><br>Download URL for 9.0.0.5.3 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3\">https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3</a><br><br>For IBM OpenPages 8.3 - Apply 8.3 FixPack 3 (8.3.0.3) - Then Apply 8.3.0.3 Interim Fix 2 (8.3.0.3.2)<br>Download URL for 8.3.0.3 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3\">https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3</a><br>Download URL for 8.3.0.3.2 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-8303-interim-fix-2\">https://www.ibm.com/support/pages/ibm-openpages-8303-interim-fix-2</a>"}], "value": "For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.0.5 Interim Fix 3 (9.0.0.5.3)\nDownload URL for 9.0.0.5 -\u00a0 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 \nDownload URL for 9.0.0.5.3 -\u00a0 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3 \n\nFor IBM OpenPages 8.3 - Apply 8.3 FixPack 3 (8.3.0.3) - Then Apply 8.3.0.3 Interim Fix 2 (8.3.0.3.2)\nDownload URL for 8.3.0.3 -\u00a0 https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3 \nDownload URL for 8.3.0.3.2 -\u00a0 https://www.ibm.com/support/pages/ibm-openpages-8303-interim-fix-2"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM OpenPages with Watson improper input validation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T19:06:03.792806Z", "id": "CVE-2025-27367", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T19:06:17.456Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27367", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-08T19:06:03.792806Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T19:06:07.343Z"}}], "cna": {"title": "IBM OpenPages with Watson improper input validation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "OpenPages with Watson", "versions": [{"status": "affected", "version": "8.3, 9.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.0.5 Interim Fix 3 (9.0.0.5.3)\nDownload URL for 9.0.0.5 -\u00a0 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 \nDownload URL for 9.0.0.5.3 -\u00a0 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3 \n\nFor IBM OpenPages 8.3 - Apply 8.3 FixPack 3 (8.3.0.3) - Then Apply 8.3.0.3 Interim Fix 2 (8.3.0.3.2)\nDownload URL for 8.3.0.3 -\u00a0 https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3 \nDownload URL for 8.3.0.3.2 -\u00a0 https://www.ibm.com/support/pages/ibm-openpages-8303-interim-fix-2", "supportingMedia": [{"type": "text/html", "value": "For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.0.5 Interim Fix 3 (9.0.0.5.3)<br>Download URL for 9.0.0.5 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\">https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5</a><br>Download URL for 9.0.0.5.3 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3\">https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3</a><br><br>For IBM OpenPages 8.3 - Apply 8.3 FixPack 3 (8.3.0.3) - Then Apply 8.3.0.3 Interim Fix 2 (8.3.0.3.2)<br>Download URL for 8.3.0.3 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3\">https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3</a><br>Download URL for 8.3.0.3.2 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-8303-interim-fix-2\">https://www.ibm.com/support/pages/ibm-openpages-8303-interim-fix-2</a>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7239155", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM OpenPages with Watson 8.3 and 9.0 \n\n\n\n\n\nis vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.", "supportingMedia": [{"type": "text/html", "value": "IBM OpenPages with Watson 8.3 and 9.0 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.</span>\n\n</span>\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-602", "description": "CWE-602 Client-Side Enforcement of Server-Side Security"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-07-08T18:42:25.925Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27367", "state": "PUBLISHED", "dateUpdated": "2025-07-08T19:06:17.456Z", "dateReserved": "2025-02-22T15:25:27.069Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-07-08T18:42:25.925Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}